Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for data masking comprising: obtaining, by a data masking apparatus, a database and metadata associated with the database in response to a received request for data masking; validating, by the data masking apparatus, the obtained metadata comparing the obtained metadata with the received request to determine whether the received request includes sufficient information for performing a data masking operation; performing, by the data masking apparatus, a data masking operation on the obtained database at a column level when the determination indicates the received request is validated; and storing, by the data masking apparatus, a record of the performance of the data masking operation on the obtained database at the column level.
2. The method as set forth in claim 1 further comprising, dividing, by the data masking apparatus, the obtained database into a plurality of database tables prior to performing the data masking operation.
3. The method as set forth in claim 1 further comprising, disabling, by the data masking apparatus, one or more constraints in the obtained database prior to performing the data masking operation, wherein each of the one or more constraints relates to a relationship between data in a first cell of the obtained database and data in other cells of the obtained database.
4. The method as set forth in claim 2 wherein the data masking operation is performed on one or more columns of the divided plurality of database tables.
5. The method as set forth in claim 4 further comprising, generating, by the data masking apparatus, one or more structured query language files from the data masked plurality of database tables.
This invention relates to data masking systems that protect sensitive information in database tables. The problem addressed is the need to securely transform or obscure sensitive data while maintaining the usability of the database for testing, development, or analysis. The invention involves a data masking apparatus that processes a plurality of database tables containing sensitive data. The apparatus identifies sensitive data fields within these tables and applies masking techniques to obscure the sensitive information. These techniques may include substitution, shuffling, or encryption of the data. The apparatus then generates one or more structured query language (SQL) files from the masked database tables. These SQL files can be used to reconstruct or query the masked data in a secure manner. The system ensures that the masked data remains functional for database operations while preventing unauthorized access to the original sensitive information. The invention is particularly useful in environments where data privacy regulations require protection of personal or confidential information.
6. The method as set forth in claim 3 further comprising, enabling, by the data masking apparatus, the one or more constraints after performing the data masking.
A data masking system applies transformations to sensitive data to protect it while preserving usability. The system includes a data masking apparatus that processes data according to predefined rules, such as substitution, shuffling, or encryption, to obscure original values. The apparatus also enforces constraints to ensure masked data remains valid and usable, such as maintaining referential integrity or adhering to format requirements. After masking, the system enables these constraints to verify that the transformed data meets specified criteria, ensuring the masked data remains functional for downstream applications. The constraints may include checks for data consistency, format compliance, or business rule validation. The system dynamically applies these constraints post-masking to confirm the masked data retains its intended utility while protecting sensitive information. This approach ensures that masked data is both secure and usable in operational environments.
7. A non-transitory computer readable medium having stored thereon instructions for data masking comprising executable code, which when executed by at least one processor, cause the processor to: obtain a database and metadata associated with the database in response to a received request for data masking; validate the obtained metadata by comparing the obtained metadata with the received request to determine whether the received request includes sufficient information for performing a data masking operation; perform a data masking operation on the obtained database at a column level when the determination indicates the received request is validated; and store a record of the performance of the data masking operation on the obtained database at the column level.
This invention relates to data masking, a technique used to protect sensitive information in databases by obscuring or transforming data while preserving its structure. The problem addressed is ensuring that data masking operations are performed accurately and securely, with proper validation of metadata to prevent errors or unauthorized access. The system involves a non-transitory computer-readable medium storing executable instructions for data masking. When executed by a processor, the instructions cause the system to obtain a database and its associated metadata in response to a masking request. The metadata is validated by comparing it with the request to ensure the request contains sufficient information for the masking operation. If validated, the system performs column-level data masking, applying transformations or obfuscation to specific database columns. The system then records the masking operation, documenting its execution for auditing or compliance purposes. The invention ensures that data masking is performed only when the request is properly validated, reducing the risk of errors or unauthorized modifications. The column-level masking allows for selective protection of sensitive data while preserving non-sensitive information. The recording of masking operations supports accountability and compliance with data protection regulations.
8. The medium as set forth in claim 7 further comprising, divide the obtained database into a plurality of database tables prior to performing the data masking operation.
9. The medium as set forth in claim 7 further comprising, disabling one or more constraints in the obtained database prior to performing the data masking operation, wherein each of the one or more constraints relates to a relationship between data in a first cell of the obtained database and data in other cells of the obtained database.
10. The medium as set forth in claim 8 wherein the data masking operation is performed on one or more columns of the divided plurality of database tables.
A system and method for securely processing database tables involves dividing a database into multiple tables to enhance data security. The system performs data masking operations on one or more columns within these divided tables to protect sensitive information. The masking process alters the data in such a way that it remains usable for certain operations while preventing unauthorized access to the original values. This approach ensures that even if an attacker gains access to the database, the masked data remains unintelligible without proper authorization. The system may also include additional security measures, such as encryption, to further safeguard the data. The method is particularly useful in environments where data privacy and compliance with regulations like GDPR or HIPAA are critical. By applying masking to specific columns rather than entire tables, the system balances security with operational efficiency, allowing legitimate users to access necessary data while protecting sensitive fields. The solution is designed to integrate seamlessly with existing database management systems, minimizing disruption to ongoing operations.
11. The medium as set forth in claim 10 further comprising, generating one or more structured query language files from the data masked plurality of database tables.
12. The medium as set forth in claim 9 further comprising enabling the one or more constraints after performing the data masking.
13. A data masking apparatus comprising: a processor; and a memory coupled to the processor which is configured to be capable of executing programmed instructions comprising and stored in the memory to: obtain a database and metadata associated with the database in response to a received request for data masking; validate the obtained metadata by comparing the obtained metadata with the received request to determine whether the received request includes sufficient information for performing a data masking operation; perform a data masking operation on the obtained database at a column level when the determination indicates the received request is validated; and store a record of the performance of the data masking operation on the obtained database at the column level.
14. The apparatus as set forth in claim 13 wherein the processor is further configured to be capable of executing the stored programmed instructions to divide the obtained database into a plurality of database tables prior to performing the data masking operation.
15. The apparatus as set forth in claim 13 wherein the processor is further configured to be capable of executing the stored programmed instructions to disable one or more constraints in the obtained database prior to performing the data masking operation, wherein each of the one or more constraints relates to a relationship between data in a first cell of the obtained database and data in other cells of the obtained database.
16. The apparatus as set forth in claim 14 wherein the data masking operation is performed on one or more columns of the divided plurality of database tables.
17. The apparatus as set forth in claim 16 wherein the processor is further configured to be capable of executing the stored programmed instructions to generate one or more structured query language files from the data masked plurality of database tables.
18. The apparatus as set forth in claim 15 wherein the processor is further configured to be capable of executing the stored programmed instructions to enable the one or more constraints after performing the data masking.
Unknown
February 2, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.